











Key Insights 


iPhone Is a highly personal device where users store some of their most sensitive 
and personal information. This means that maintaining security and privacy on the 
IOS ecosystem is of critical importance to users. However, some are demanding 
that Apple support the distribution of apps outside of the App Store, through direct 
downloads or third-party app stores, a process also referred to as “sideloading.” 
Supporting sideloading through direct downloads and third-party app stores 
would cripple the privacy and security protections that have made iPhone so 
secure, and expose users to serious security risks. 


Mobile malware and the resulting security and privacy threats are 
increasingly common and predominantly present on platforms 
that allow sideloading. 


15- 


more infections 


A European regulatory agency 
reported 230,000 new mobile 
malware infections per day. 





Over the past four years, Android Nearly 6 million attacks per 
devices were found to have month were detected by a large 
15 to 47 times more malware security firm on its clients’ 
infections than iPhone. Android mobile devices. 


Mobile malware harms consumers, companies, developers, and advertisers. 
Attacks on users employ various tactics and techniques. Common types of mobile 
malware affecting consumers are adware, ransomware, spyware, and banking and 
other credential-stealing trojans that masquerade as legitimate apps. Cybercriminals 
often reach their targets through social engineering or supply chain attacks, and 
sometimes use popular social media networks to spread the scams and attacks. 
Most rely on third-party app stores or direct downloads to spread malicious apps. 
Developers and advertisers are also harmed by these attacks, mostly through piracy, 
intellectual property theft, and loss of advertising revenue. 


lf Apple were forced to support sideloading: 


e More harmful apps would reach users because it would be easier for 
cybercriminals to target them — even if sideloading were limited to 
third-party app stores only. The large amount of malware and resulting 
security and privacy threats on third-party app stores shows that they do 
not have sufficient vetting procedures to check for apps containing known 
malware, apps violating user privacy, copycat apps, apps with illegal or 
objectionable content, and unsafe apps targeted at children. Users would 
now be responsible for determining whether sideloaded apps are safe, a 
very difficult task even for experts. In the rare cases in which a fraudulent 
or malicious app makes It onto the App Store, Apple can remove it once 
discovered and block any of its future variants, thereby stopping its spread 
to other users. If sideloading from third-party app stores were supported, 
malicious apps would simply migrate to third-party stores and continue to 
infect consumer devices. 


e Users would have less information about apps up front, and less control 
over apps after they download them onto their devices. Users may not get 
accurate information about apps they sideload through third-party app stores 
or via direct downloads because these app stores would not be required to 
provide the information displayed on the App Store product pages and privacy 
labels. And features like App Tracking Transparency and parental controls 
that allow users to control what iPhone data, hardware, and services can be 
accessed by those apps (such as the device's location, microphone, and 
camera) either would not be available or would be much easier for malicious 
actors to manipulate. Large companies that rely on digital advertising allege 
that they have lost revenue due to these privacy features, and may therefore 
have an incentive to distribute their apps via sideloading specifically to bypass 
these protections. Privacy on the iOS platform would therefore be eroded. 


e Some sideloading initiatives would also mandate removing protections 
against third-party access to proprietary hardware elements and 
non-public operating system functions. This would undermine core 
components of platform security that protect the operating system and iPhone 
data and services from malware, intrusion, and even operational flaws that 
could affect the reliability of the device and stop it from working. This would 
make it easier for cybercriminals to spy on users’ devices and steal their data. 


Even users who don’t want to sideload and prefer to download 
apps only from the App Store would be harmed if sideloading 
were supported. 


e Users could be forced to sideload an app they need for work or school. 
Users also may have no choice other than sideloading an app that they need to 
connect with family and friends because the app is not made available on the 
App Store. For example, if sideloading were permitted, some companies may 
choose to distribute their apps solely outside of the App Store. 


e Cybercriminals may trick users into sideloading apps by mimicking the 
appearance of the App Store, or by touting free or expanded access to 
services or exclusive features. 


By reviewing every app before it becomes available on the App Store to ensure It is 
free of malware and accurately represented to users, and by swiftly removing apps 
from the App Store if they are found to be harmful and limiting the spread of future 
variants, Apple protects the security of the ecosystem. Sideloading, through 
either direct downloads or third-party app stores, would undermine Apple's 
security and privacy protections, and is not in the best interest of users’ 
security and privacy. 


“We're trying to do two diametrically opposed things 
at once: provide an advanced and open platform to 
developers while at the same time protect iPhone 
users from viruses, malware, privacy attacks, etc. 


This is no easy task.” 


Steve Jobs, October 17, 2007 
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You can read Apple’s June 
2021 paper, "Building a 
Trusted Ecosystem for 
Millions of Apps: The 
important role of App 
Store protections," to see 
how a family's everyday 
experience using their 
iPhone would be different 
with sideloading. 





When iPhone was developed, PCs were the world’s primary computing 

tools, and they were riddled with viruses. PC users often encountered serious 
reliability issues because downloading software or visiting a website could result 

in their machines becoming infected with malware. Apple designed iPhone with 

the knowledge and intention that it would be a highly personal device where users 
would store some of their most sensitive and personal information, and could be 
used by a much larger and more diverse user base than was the case with PCs. 
They would keep it with them wherever they went and rely on it during emergencies. 
iPhone could not fall victim to the fate of PCs — it needed to be different. 


To provide reliability and security for users while establishing a platform for 
third-party developers to create and distribute apps, Apple built industry- 
leading security protections into iPhone and created the App Store, a trusted 
place where users could safely download vetted third-party apps. This 
approach has been effective: It is extremely rare for a user to encounter malware on 
iPhone. However, some are demanding that Apple support the distribution of apps 
outside of the App Store, through direct downloads or third-party app stores, a 
process also referred to as "sideloading.” Supporting sideloading would cripple the 
privacy and security protections of the iOS platform and expose users to serious 
security risks. 


Sideloading on iPhone would open opportunities for cybercriminals. Malicious 
actors would be galvanized to develop tools and expertise to attack iPhone users 
because of the additional opportunities and distribution channels sideloading would 
provide. The increased risk of malware attacks would put all users at greater risk, 
even those who prefer to download apps only on the App Store. Plainly, sideloading 
Is not in the best interest of users. Developers would be harmed as well, because 
the increased threat from sideloading would erode users’ trust in the ecosystem, 
resulting in many users downloading fewer apps from fewer developers, and making 
fewer in-app purchases. Developers would also be harmed by the proliferation 
of fake and copycat apps, as well as pirated apps. 





The current mobile threat landscape 


Mobile security threats are increasingly common, especially on platforms 
that support sideloading. The European Union's cybersecurity agency, ENISA, 
reported the detection of 230,000 new mobile malware infections per day —1.e., 
84 million per year — in 2019 and early 2020.' Kaspersky Lab, Europe's largest 
cybersecurity services provider, estimated that in 2020, nearly 6 million attacks 
per month affected Android mobile devices owned by its clients.?° 


These threats are predominantly present on platforms that support 
sideloading: Recent studies have shown that devices that run on Android —a 
platform that supports sideloading — have an estimated 15 to 47 times more 
infections from malicious software than iPhone.*° 


Mobile apps containing security threats pose significant risks.*° As a result, 
app review processes in first-party app stores (i.e., the App Store on iOS devices, 
and Google Play on Android devices) have become increasingly thorough and 
necessary to prevent security threats from reaching consumers. However, such 
app review protections are not always thorough, or even available at all, when users 
sideload apps from third-party app stores or direct downloads. 


Malware-infected mobile apps put all stakeholders in the mobile ecosystem 
at risk. While consumers are often the primary targets, malware attacks can harm 
and expose developers, online advertisers, and even businesses that are not direct 
participants in the mobile app ecosystem. Consumers who are victims of malware 
attacks are defrauded by cybercriminals, have their privacy and sensitive data 
compromised, and waste time and energy dealing with the consequences of the 
attacks.’ Malware-infected mobile apps are also often the first step in complex 
multi-step campaigns that allow cybercriminals to carry out a variety of attacks 
targeting a victim's financial resources.®:?° On platforms that support sideloading, 
many consumers have also needed to add antivirus services on their devices to 
attempt to stem the problem — at a cost of $3.4 billion per year for those services. 
In 2021, an estimated 1.3 billion smartphones worldwide were equipped with 
security solutions — four times as many as in 2016." Cybercriminals, however, 

are always a step ahead, meaning antivirus services are an incomplete patchwork 
solution to the growing malware problem." 


Malware designed to infect an individual's mobile device can also affect 
corporate data and corporate networks. There are many ways that hackers 


attack companies, for example by using phishing or attacking unpatched systems, 


and mobile malware has become an additional avenue to do so.'?"*5 With many 


organizations around the world adopting Bring Your Own Device (BYOD) policies 


that encourage employees to use their personal devices on corporate networks, 


mobile malware attacks can provide bad actors a direct route into corporate 


networks, which has led to an increase in threats targeting mobile devices."°"”"® 


Many IT and security experts have attributed certain data breaches to employees 


failing to secure sensitive corporate information on their mobile devices, and a study 
of corporate data breaches identified Android apps as one delivery method for 
malware."°'? Once bad actors manage to gain access to a corporate network, firms 


then face all types of attacks and security risks, such as ransomware, data theft, or 


loss of control of their network, all of which can lead to the loss of customer trust 


and litigation.*° 


CORPORATE COSTS OF MALWARE ATTACKS 


Firms face high costs from malware attacks, which can originate 
via mobile apps, among other sources: 


One single mobile device 
infected with malware costs 
an organization an average 
of nearly $10,000."° 


DATA BREACHES 


Data breaches, which can originate from 
mobile app malware, cost firms an average 
of over $4 million per breach, with 
estimates reaching up to $50 million.’ 22 


LOST BUSINESS 


Out of that $4 million, over $1.5 million is due 
to lost business. This cost includes the harm 
to reputation, which makes it more difficult 
for these firms to acquire new customers.?”2 


cf 


Among 1,800 US firms, 46 
percent had at least one 
employee download a malicious 
mobile app that threatened the 
company’s network and data.”' 


RANSOMWARE 


More than half of companies surveyed 

in France, Spain, Germany, and other 
European countries suffered a ransomware 
attack in 2019. Ransomware attacks, 
which can originate from mobile malware, 
cost companies more than $750,000 to 
remediate on average.”° 


Developers and advertisers are also harmed by cybercriminals. When pirating 
an app, cybercriminals illegally distribute another developer’s app, primarily through 
third-party sources (including third-party app stores), causing the developer 

to lose out on the app’s revenue.**° Cybercriminals may remove or replace 

the monetization tools that allow the developer to earn revenue, such as in-app 
purchases or advertising. In other cases, bad actors copy the design, branding, 

or content from another developer, profiting off of stolen intellectual property.2° 77 
This means that app piracy and intellectual property theft cause developers to 

lose out on revenue. Several game developers, for example, have reported that 90 
percent of their app installations on Android devices are pirated versions for which 
they earn no revenue.2*:7° Cybercriminals often target paid games, profiting by 
creating pirated versions of successful games such as Monument Valley, the Grand 
Theft Auto series, or Alto’s Adventure.2*° 


Advertisers are also harmed by mobile malware when cybercriminals and hackers 
use techniques such as click fraud and ad stacking, which frequently operate 
through sideloaded apps.”° Click fraud malware automatically directs traffic to web 
pages containing ads or clicks on ads to generate revenue on a per-view or per- 
click basis, respectively.7? With ad stacking, malware layers multiple advertisements 
over one another so that, while the user only sees the top one, the advertiser is 
fraudulently billed for all the ads.*° Damages to legitimate advertisers from inflated, 
fraudulent ad traffic are estimated to amount to billions of dollars.%°:*" 


Threats to mobile users have only compounded due to the increased reliance 
on mobile devices driven by the coronavirus pandemic. For example, consumers 
are now more likely to store personal health information on their devices, a type of 
valuable data that hackers can sell to multiple buyers.*2:*° Firms increasingly rely 
on BYOD policies to support remote work.”” These dynamics have created more 
opportunities for bad actors and increased the number of threats to mobile users. 
For example, mobile phishing — using fake messages to trick users into revealing 
confidential information or downloading malware — has increased by 37 percent.** 
Hackers have embedded malicious malware in COVID-19 apps and resources.°° 
And healthcare-related networks have experienced 15 percent more coronavirus- 
related malware attacks per user across mobile devices, tablets, and PCs than the 
average network.°** 


Snapshot of common consumer mobile malware 


The most common types 
of consumer mobile malware are adware, ransomware, spyware, and banking 
and other credential-stealing trojans masquerading as legitimate apps. (See 
Snapshot below.) Once attackers gain access to a device, they often use 
multiple tactics to exploit their targets: For instance, they can infect the device 
with both adware and spyware. 


Snapshot of common consumer mobile malware 


\ 


it Ly 4. 


GOAL 


IMPACT 
ON USER 


Note: This table reflects classifications proposed by cybersecurity firms such as Kaspersky Lab, Malware- 
bytes, WeLiveSecurity by ESET, Norton, and Nokia, and government agencies such as the European Union 
Agency for Cybersecurity (ENISA). 
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Other examples 
of adware 


FakeAdsBlock, a sideloaded 
Android trojan posing as 

a legitimate ad blocker, 
pollutes the device with 
pop-ups and redirections. 

It is very difficult to remove.*° 


Android.Click.312.origin 
clicker trojan is embedded 
in many legitimate apps. 

It generates ads on the 
apps and can load websites 
without user knowledge." 


CopyCat infects Android 
devices with adware and 
rooting malware. It spreads 
through tampered copies 

of popular apps released 

on third-party app stores.?? 
In two months in 2016, 
CopyCat malware infected 
more than 14 million Android 
devices around the world.*° 


Adware. Present in over half of mobile attacks, adware serves users Invasive 
advertisements to generate advertising revenue.*°°”3° Adware can infiltrate 
mobile devices through apps, manifesting as pop-ups, redirections, clicker 
trojans, and unwanted installations.°? 


HiddenAds: Adware that hides 
inside free apps and games to 
display intrusive ads 


WHO IT AFFECTS re; 





Since Its discovery in 2020, there Settings 
have been over 30,000 recorded 
HiddenAds attacks, affecting 
. HOW IT WORKS 
users worldwide. 
HiddenAds displays various 
HOW IT REACHES A USER'S DEVICE pop-up ads and website redirec- 


Apps infected with HiddenAds tions in the device’s browser to 


generate advertising revenue for 
adware masquerade as genuine 


Android apps, such as fake the malicious actor. 


versions of FaceApp — a popular 


photo modification app — and a Oe eee 

Call of Duty game.*” YouTube Once installed, the app appears as 
videos advertise these fake apps a fake settings icon. The icon can 
as free versions of legitimate even disappear with the adware 
apps and include download links. still running in the background. 
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Other examples 
of ransomware 


Fusob ransomware trojans 
are designed to lock a 
device while stealing call 
history, location history, and 
other sensitive data. These 
trojans have targeted users 
in Europe and the US.°?°4 


MalLocker.B, a family of 
Android malware distributed 
via sideloading, displays 

a ransom note over every 
other app window, ensuring 
that the target cannot use 
any other features of the 
phone.°>56 


Ransomware. Another common type of mobile security attack, ransomware, 
generally targets individual users by blocking a device's interface, preventing users 
from using it until a ransom Is paid, or by encrypting files in the device and only 
decrypting them after a payment is made.**:*° Cybercriminals using ransomware 
often steal sensitive data and threaten to spread it.*° In 2020, more than 4.2 million 
mobile users in the US alone were victims of mobile ransomware attacks.*”*® These 
attacks have become more common, fueled by the coronavirus pandemic and the 
rise of cryptocurrency, which cybercriminals can trade to avoid being traced.244749:5° 


CryCryptor: Ransomware 


poses as an Official 


COVID-19 tracing app 
and encrypts users’ files 


CryCryptor ransomware poses 
as an official COVID-19 tracing 
app from government agency 
Health Canada to trick users into 
sideloading it. Once installed, 
CryCryptor encrypts files on the 
device and provides an email 
address to contact to proceed 
with ransom payment and file 
recovery.°'°4 


WHO IT AFFECTS 


CryCryptor targets Android users 
in Canada. 


HOW IT REACHES A USER'S DEVICE 


In June 2020, mere days after 

the Canadian government 
announced plans to roll out a 
COVID-19 contact-tracing app, the 
cybercriminals behind CryCryptor 





created two fake Health Canada 
websites through which they offered 
their ransomware app. Preying on 
people's anxiety and uncertainty 
surrounding the COVID-19 pandemic, 
they tricked Android users into 
sideloading CryCryptor from these 
fake websites. 


HOW IT WORKS 


CryCryptor was developed from 
CryDroid, an open-source ransoware. 
Once downloaded, CryCryptor 
requests permission to access files 
on the Android device. Then, the 
malware encrypts common file types, 
including photos, videos, and PDFs. 
A ransom note Is attached to each 
encrypted file directory, containing 
an email address to contact regarding 
payment and file recovery. 
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Examples 
of spyware 


FluBot is a strain of spyware 
that behaves and spreads 
very similarly to FakeSpy. (See 
below.) FluBot poses as a DHL 
package tracking app across 
Europe, and focuses its attacks 
in the UK and Finland.°®° 


SpyNote spreads as a 
sideloaded, fake version of 
Netflix that can take control 
of a device's microphone, 
contacts, and messages.” 


HelloSpy, a type of stalkerware 
available only through side- 
loading, records the target's 
GPS location, phone calls, 
messages, photos and videos, 
and other data.”' It is marketed 
to “catch cheating spouses."72 


Consumer spyware. Spyware monitors the device’s user and steals 
sensitive information, such as messages, photos, and videos.°®” Spyware 

can harm both individuals (e.g., via identity theft or stalking) and businesses 
and organizations (e.g., via corporate espionage).°® Certain invasive forms of 
spyware can directly access a device’s microphone or camera.°?°° Consumer 
spyware is distinct from the highly sophisticated and narrowly targeted 
forms of spyware executed by nation-states via intelligence agencies. Unlike 
spyware developed or sponsored by nation-states, consumer spyware Is 
designed to target a broad set of users, and is relatively cheap to produce 
and distribute on platforms that support sideloading. In 2020, a third of all 
Android malware attacks involved spyware.’ 


Spyware has also been used by abusers to surveil intimate partners and 
their mobile devices. Apps containing such software, known as stalkerware, 
are used to track location, messages, emails, and photos, and to access 
the device’s camera in real time. The use of such apps Is associated with 
harassment, stalking, and domestic violence. In the last few years, the 
FTC has taken action against two US companies that sold stalkerware that 
allowed stalkers and domestic abusers to track their victims on Android 
devices.®''°? In both cases, even though the apps were not distributed on 
Google Play, abusers were able to sideload the apps onto victims’ devices. 
The FTC’s intervention was therefore critical in removing the apps from 
distribution.o"° 


Kaspersky Lab discovered 
over 50,000 users who were 
affected by stalkerware in 
2020.° 





The vast majority of 
stalkerware is distributed 
outside of first-party app 
stores.® 


One survey found that more 
than half of abusers tracked 
their victims’ mobile phones 
using stalkerware apps.°* 
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FakeSpy: Malware poses as fake 


package delivery messages to spy 


on users and steal their data 


Today 


y Cole al=\-1omcom-yle] ale) mr-m el-[e1,¢-lel-e 


please see https://post-a.top/ 


Now 


\S Fake messages attempt to trick users into 
sideloading FakeSpy via fraudulent postal 


service apps. 


FakeSpy uses SMS 
phishing to trick people 
into sideloading an Android 
app that masquerades as 

a legitimate postal service 
app. Once downloaded, it 
steals sensitive information 
from the device.®®° 


FakeSpy Is actively evolving 
to include new evasion 
strategies and spying 
capabilities. FakeSpy 
proliferates by sending 

SMS phishing messages to 
the infected user’s contact 
list.©° It is also expanding to 
mimic more legitimate postal 
services around the world to 
target new groups of users. 








e Royal Mail e¢ USPS Mobile e JP Post 





the world. 


WHO IT AFFECTS 


Android users in France, 
Switzerland, Germany, the 
UK, the US, Japan, and 
Taiwan, among others. 


HOW IT REACHES 
A USER'S DEVICE 


A target receives a text 
message claiming that the 
postal service attempted 
to deliver a package, and 
that the user should track 
or sign for it. The message 
contains a link to a website 
that prompts users to 
sideload the fake delivery 
tracking app. FakeSpy 

has masqueraded as mail 
services in France (La 
Poste), Switzerland (Swiss 
Post), Germany (Deutsche 
Post DHL), the UK (Royal 
Mail), the US (USPS), 
Japan (Japan Post), and 


> 








ele 


e Swiss Post 


\S FakeSpy app icons mimic those of 
legitimate postal services around 


Taiwan (Chunghwa Post). 
To trick potential victims, 
the sideloaded app’s icon 
resembles the official app 
icon for one of these official 
mail services. 


HOW IT WORKS 


Once the user has sideloaded 
the app, it requests 
permissions that allow it 

to obtain text messages, 
contact lists, call logs, 
network information, recently 
run tasks, and information 
about other apps. 


HOW IT HIDES 


After the user launches the 
app, it deceptively redirects 
them to the real postal 
service website, which helps 
the app remain undetected 
as malware. 
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Banking and other credential-stealing trojans. Common types of 
mobile malware are banking and other credential-stealing trojans. 
Disguised as legitimate apps, they aim to steal users’ credentials from 
banks, government accounts, or social media accounts, for example. 
Some banking trojans are capable of bypassing two-factor authentication 
security measures.’? The goal of banking trojans is to ultimately steal the 
credentials and money from the target's bank account.” Banking trojans 
are most commonly sideloaded.”* 





BlackRock: An Android trojan 


Other examples 

of banking and 
credential-stealing 
trojan apps 


Banker.BR, an Android trojan, 
uses screen overlays to steal 
banking information in Spain 

and Portugal.’’ 


TeaBot, a banking trojan, 
impersonates many popular 
apps in Western Europe to 
steal banking information 
and gain remote access to 
devices.7®:72 


Since 2017, Anubis banking 
trojans have posed as the 
apps of over 300 financial 
institutions and other types 
of apps.®° Once installed and 
activated, the apps request 
unnecessary permissions 
that allow them to execute 
nefarious commands. The 
malware predominantly uses 
phishing to trick people into 
providing their bank account 
information. 


poses as a fake version of 
Clubhouse to steal login 


credentials 


BlackRock ts an Android trojan 
that steals login credentials from 
over 450 online services, and tricks 
users into sideloading it by posing 
as the Clubhouse app.’°'”° 


WHO IT AFFECTS 


Android users in Europe and other 
parts of the world. 


HOW IT REACHES A USER'S DEVICE 


BlackRock spreads via a spoofed 
version of the Clubhouse website. 
When a user clicks “Get It on 
Google Play,” the trojan is automat- 
ically downloaded. 









See if you 
have friends 
on Clubhouse 


HOW IT WORKS 


The trojan poses as a Google update, 
and asks for Accessibility Service 
privileges. With those privileges, it 
can grant itself further privileges 

to function without requiring user 
input.”© The next time the user opens 
one of the targeted apps, such as 
BBVA, Lloyds Bank, or Facebook, 
the trojan launches a screen overlay 
window over the app’s interface that 
records the user's login credentials 
as they are typed. The trojan can 
access text messages, which allows 


it to defeat two-factor authentication. 


HOW IT HIDES 


When the trojan ts first launched 
on the device, it hides its app icon, 
thereby making itself invisible to 
the user. 
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Other forms of malware. Other well-known forms of malware, while 
similar to consumer malware, are typically not delivered through mobile 
apps and not targeted at everyday consumers. 


e Nation-state spyware is developed and sponsored by state actors 
via intelligence agencies or private contractors, often with the goal of 
advancing a nation’s intelligence or national security objectives. Unlike 
consumer spyware, nation-state spyware Is highly sophisticated, costs 
millions of dollars to develop, is typically not delivered via apps, and is 
used to target specific individuals.®"'82:°5 


e Enterprise ransomware occurs when criminals take control over 
corporate networks and demand ransom from the affected company 
in exchange for restoring access or preventing the cybercriminals 
from publicly releasing sensitive data stolen from the victim's 
network.®* Enterprise ransomware differs from mobile ransomware 
attacks (in which a consumer's device and personal data are held 
ransom), although employees’ mobile devices can be an entry point 
for cybercriminals targeting corporations. 
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How mobile malware attacks access users’ devices 


Cybercriminals and hackers can distribute malware to users through third- 
party app stores and via direct downloads from websites or even as email 
attachments.? As described below, a huge majority of malware — over 99 percent 
—comes from sideloaded apps, because first-party stores like the App Store have 
protections in place that prevent these distribution techniques from targeting 
users. The most common way for malware attackers to reach their targets is 
through social engineering or spoofing, i.e., using deception and manipulation as 
techniques to obtain users’ trust and get access to their devices. One study found 
that 98 percent of all cyberattacks rely on social engineering.'® Hackers sometimes 
use social media networks to spread scams and attacks, exploiting people’s trust in 
their friends and family.®°'°> There are many ways in which spoofing attacks, which 
are more likely to happen through sideloaded apps, try to obtain users’ trust: 


Copycat apps (or fake apps) copy the name, interface, and functionalities of other 
apps to acquire some of their users.®”°° They capitalize on users’ trust in popular 
(and legitimate) apps, such as Netflix, Candy Crush Saga, and Clubhouse, possibly 
hurting the image and reputation of those legitimate developers.’°°? Commonly 
downloaded via sideloading, these apps have fooled tens of millions of users 
worldwide.*2:2°.9" 


Fake system updates are a common spoofing technique in which malware 
pretends to be a system update, tricking users into downloading it and providing 
access to their devices. For example, a sideloaded Android app posed as a system 
update to infect users’ devices.? 


Email and phishing messages are another technique that malware attacks 
employ to convince users to download malware, appearing to be from senders the 
users trust.® °° These phishing messages commonly spread through social media 
apps. For example, FlyTrap, a malicious trojan on third-party app stores, spreads 
by hijacking users’ Facebook accounts to send personalized messages to victims’ 
social connections with links to the trojan.®° In Spain, people received mobile 
messages advertising and containing a link to sideload a fake and malware-ridden 
“Coronavirus Finder” app.°% In India, users received personalized SMS messages 
urging them to download a copycat of the tax-filing app from the official Income 
Tax Department of India. The app contained malware designed to steal their 
personal and financial information.°?° 
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Website spoofing creates legitimate-looking websites that contain malware.°%° 


=a These websites frequently lead to malicious apps available for sideloading. 
Examples include the aforementioned BlackRock Android trojan that spoofs the 


website of the Clubhouse app, luring unsuspecting users into downloading the 
trojan app instead of the legitimate app.”° 


Scareware tricks users by claiming to detect threats to the device, often offering 
solutions to those threats that involve sideloading an app containing malware.?”%° 
For instance, Armor for Android falsely warns people that malware has been 





detected on their devices, advising users to download Its antivirus app, which 
then scams them.’ 


Potentially unwanted applications are software packaged along with genuine 
apps that tailgate their way onto devices when users install the genuine apps. 





They can contain malware and drain devices’ resources.’°° For example, over 100 
Android apps, with more than 4.6 million combined downloads, contain the Soraka 
potentially unwanted application adware.'“" 


Hackers can also use supply chain attacks to infect user devices. Instead of 
tricking users into downloading infected apps, these attacks infiltrate and spread by 
tricking developers of legitimate apps.'°? One way those attacks have proliferated 
Is through infected software development kits (SDKs), the building blocks used by 
app developers to build apps."°° Cybercriminals and hackers can deliver malware 
to users by modifying and inserting malicious code in SDKs used by unsuspecting 
developers.’°* These attacks take advantage of the trust that users have in apps 
made by legitimate developers. For example, SWAnalytics, an Android data 
analytics SDK, hides Operation Sheep, a contact-stealing malware package. As 
of March 2019, 12 Android apps infected with this malware, with over 111 million 
downloads, had circulated in major third-party app stores.'°° 


Hackers often reuse the same malware strain, which they repackage into 
variants. Rather than creating entirely new malware — a costly endeavor — hackers 
modify existing malware into new versions to either improve it or spread it in other 
ways. Malware variants for Android have grown significantly in recent years.1°6'°7 
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The risks of opening the ecosystem 


Because cybercriminals and hackers rely heavily on apps to spread malware, 
first-party app stores have invested in extensive processes to screen and 
remove malicious apps.'°8"99."9 As the threat of malware has increased, these 
screening processes have become stricter and have dedicated a greater amount of 
resources to reviewing apps.'"""? And, if harmful apps are found on first-party app 
stores, they can be removed from distribution, preventing further user exposure."2:"4 


On the other hand, the large amount of malware on third-party app stores 
shows they do not have sufficient vetting procedures to check for harmful apps 
(and direct download websites have no independent vetting), so cybercriminals and 
hackers have relied on third-party app stores or direct downloads to spread their 
apps, taking advantage of the lack of oversight and the inability to control the spread 
of malware: Over 99 percent of Known mobile malware originates on third-party app 
stores.'>'® A study of malicious apps on Android found that once a malicious app is 
detected and removed from one app store, it often simply migrates to other third- 
party stores, and thus continues infecting consumer devices."°""° 


Because Android supports sideloading, malware has been able to spread on 
that platform more easily. Android smartphones are the most common mobile 
malware targets and have recently had between 15 and 47 times more infections 
from malicious software than iPhone.*° A study found that 98 percent of mobile 
malware targets Android devices." This is closely linked to sideloading: In 2018, 

for example, Android devices that installed apps outside Google Play, the official 
Android app store, were eight times more likely to be affected by potentially harmful 
applications than those that did not.'°? For example, as previously discussed, 
HiddenAds, CopyCat, FakeSpy, and BlackRock are all prominent malware strains that 
reached Android users via third-party sources. In addition, because cybercriminals 
and hackers rely on sideloading to spread pirated apps, piracy and intellectual 
property theft are more common on Android devices.2*2>""” On the other hand, iOS 
users are unlikely to be exposed to malware, and many of the rare malware attacks on 
the platform are narrowly targeted attacks, often carried out by nation-states.®2:°>"8 
Experts generally agree that iOS is safer compared to Android, in part because 
Apple does not support sideloading.° 


If regulations force platforms to support sideloading without any user 
protections, the harm to users could be even greater. The Android platform 
currently retains some features that discourage sideloading by adding “friction” 
for users — additional steps and warnings that prevent users from sideloading apps 
without realizing it. For example, devices are set up not to sideload as a default 
option, and corporate entities can disallow device-wide sideloading on employees’ 
devices."%129.21 Should regulations force platforms to support sideloading without 
any friction, the threat of malware, piracy, and intellectual property theft on both 


platforms would likely be higher as a result. 
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Apple tightly controls 
the Developer 
Enterprise Program 


Only legal entities that have 
validated their reasons for 
using the program are eligible, 
and they can only distribute 
apps to their employees. 


Apple can and does revoke the 
developer certificates of busi- 
nesses that misuse them. 


Employees who download 
apps created through the 
program must go into their 
device settings and affirm that 
they trust the business - their 
employer — which ensures users 
truly intend to download an app 
from outside of the App Store. 


Most enterprise customers do 
not use the program, as Apple 
offers businesses alternative 
ways to distribute apps to their 
employees to limit participation 
in the Developer Enterprise 
Program. For instance, busi- 
nesses can submit apps for 
custom app distribution on the 
App Store, a process by which 
each app goes through the 

App Review process before 
becoming available within the 
organization. Learn more here: 
developer.apple.com/custom- 
apps/. 


QQ 
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The limited mechanism to distribute apps outside 
of the App Store 


Apple's own experience with supporting the ability of a limited number of 
enterprise developers to distribute apps outside of the App Store shows 
that cybercriminals and even for-profit companies will go to great lengths 
to bypass the App Store so they can spread malware and other illegitimate 
apps. Apple created the Developer Enterprise Program to provide a way for large 
organizations to develop and privately distribute apps (for instance, confidential 
apps that cannot go through App Review), for use only by their organization’s 
employees. Under the tightly controlled program, Apple issues certificates to 
businesses, which allow them to distribute apps directly to their employees 
under their IT departments’ supervision. 


Despite the program's tight controls and limited scale, bad actors have 
found unauthorized ways of accessing it, for instance by purchasing 
enterprise certificates on the black market. Bad actors have used illegitimately 
obtained enterprise certificates to distribute apps that violate App Store policies, 
including apps containing malware such as Goontact (see below) and pirated 
versions of popular iOS apps.'22'28 Abuse of the Developer Enterprise Program 

Is not limited to cybercriminals. In 2019, for example, Apple revoked Facebook's 
enterprise certificate because It was used to distribute a VPN app called 
Facebook Research that collected mobile data and usage habits — such as web 
searches and browsing history, messages, and location data from Facebook 
users — targeting some as young as 13.'24"2° Enterprise certificates are meant only 
for internal use by a company, and are not intended for general app distribution, 
as they can be used to circumvent App Store and iOS protections. 


Apple has increased efforts to tighten controls on the program and add user 
protections, but abuse has persisted. This demonstrates the enormous risk 
posed by forcing Apple to support the ability of any developer to distribute 
apps outside of the App Store to all iPhone users. If the option to distribute 
apps via sideloading were available on a massive scale, without any restrictions, 
and with Apple powerless to revoke certificates from bad actors In cases of 
abuse, malware and other forms of illegitimate apps would run rampant. 
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Goontact: Adult video 
chat sites lure targets into 
downloading spyware 


Goontact is multi- 
platform spyware that 
reaches users’ devices 
through infected adult 
video chat apps. The 
spyware targets Android 
users via sideloaded apps, 
and is also able to target 
IOS users by abusing the 
Apple Developer Enter- 
prise Program.'22 


WHO IT AFFECTS 


Goontact is currently 
active across both Android 
and iOS platforms, and 
primarily targets users 

in China, Japan, Korea, 
Vietnam, and Thailand. 


HOW IT REACHES 
A USER'S DEVICE 


Malicious actors lure 
targets to websites 
promising adult video 
chats. However, they 
are instead connected 
with Goontact operators. 


Under the pretense of 
improving video or audio 
quality, operators prompt 
targets to sideload a well- 
known video-chatting app 
(such as Telegram) from 
a website that mimics the 
design of a first-party 
app store, guiding them 
through the process 

and coaxing them to 
enable access privileges. 
However, the sideloaded 
app Is fake and infected 
with spyware. 


HOW IT WORKS 


After Android users 
accept a prompt to grant 
Goontact permissions, It 
collects data on contacts, 
SMS messages, location, 
photos, and the device 
identifier. On iOS devices, 
the spyware can only 
collect contacts and 
device identifier data. 









Allow 
“Telegram” to 
access your 
camera? 


HOW IT TARGETS iOS USERS 


Goontact abuses the privi- 
leges of the Apple Developer 
Enterprise Program by 


obtaining unauthorized enter- 
prise certificates. While Apple 


revokes these certificates as 
soon as they are discovered, 
the malicious actors can 
keep spreading their malware 
through sideloading when 


they procure additional illegit- 


imate certificates. 


ADDITIONAL LAYER OF ATTACK 


During the first video chats 
with a Goontact operator, 
the cybercriminals record a 
compromising video of the 
target to use as blackmail. 
After users download the 
app, the spyware steals their 
contacts and the cybercrim- 
inals threaten to release the 
video to their contact lists 
unless a ransom Is paid. 
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You can read Apple's 
recent paper, "Building 

a Trusted Ecosystem 

for Millions of Apps," 

to learn more about how 
Apple's device protection 
and App Review keep 
your device safe. 





The impact of sideloading on the iOS ecosystem 


Forcing sideloading onto the iOS ecosystem would make iPhone less 
secure and trustworthy for users. This would be true regardless of whether 


sideloading occurred via direct downloads or through third-party app stores. 


Researchers agree that iPhone is the most secure consumer mobile device, and 
it is rare for any user to encounter malware on iPhone.° Because iPhone provides 
users with powerful and multi-layered security protections, it is usually not 
possible for cybercriminals and hackers to attack iOS devices at scale. Through 
the App Review process, Apple's goal is to ensure that apps on the App Store 
are trustworthy and safe. Apple is constantly improving this process, continually 
updating and refining App Review's tools and methodology. 


Forcing Apple to support sideloading on iOS through direct downloads or third- 
party app stores would weaken these layers of security and expose all users to 
new and serious security risks: It would allow harmful and illegitimate apps to 
reach users more easily; it would undermine the features that give users control 
over legitimate apps they download; and it would undermine iPhone on-device 


protections. Sideloading would be a step backwards for user security and privacy: 


Supporting sideloading on iOS devices would essentially turn them into “pocket 
PCs," returning to the days of virus-riddled PCs. 


First, if sideloading were supported, it would be easier for harmful apps 
to reach users. Direct downloads are unvetted, and the large amount of 
malware that proliferates on third-party app stores shows that those stores do 
not have sufficient vetting procedures to check for harmful apps. Users would 
now be responsible for determining whether sideloaded apps are safe, a very 
difficult task even for experts. Apple currently protects users by vetting apps 
and developers on the App Store, keeping illegitimate apps out, and quickly 
containing the spread of harmful apps. 
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Malware: Sideloading would expose IOS users to apps that contain known strains 
of malware. App Review screens all apps and app updates submitted to the App 
Store to check for various types of Known malware, including infected SDKs used 
In supply chain attacks. By contrast, known malware such as HiddenAds remains 
present on Android third-party app stores. (See above.) 


Spoofing: If sideloading were supported on iOS, malicious actors would be able 
to distribute copycat versions of popular apps that trick users. On the App Store, 
apps come from known and vetted developers only, and their content is reviewed 
by a member of the App Review team. This process works to prevent, for example, 
a trojan app posing as a fake version of Clubhouse and stealing user login 
credentials. (See above.) 


Illegal, pirated, and stolen content: Sideloading would expose users to apps 

with illegal content, such as illegal gambling apps, pirated apps, or apps containing 
stolen intellectual property. They would be able to spread on the iOS platform 
unchecked via third-party sources. Apple checks all apps submitted to the App 
Store for illegal content prohibited by Apple's policies. 


Unsafe apps targeted at children: Supporting downloads outside of the App 
Store would mean that parents may inadvertently sideload apps appearing to be 
kid-friendly but which actually put their children at risk. App Store policies enforce 
strict guidelines around data collection and security on apps in the Kids category. 
For example, these apps may not include links outside of the app, send personally 
identifiable information to third parties, or contain third-party analytics 

or advertising. 


Unchecked spread of harmful apps: In the rare cases in which a fraudulent or 
malicious app makes it on the App Store, Apple can remove it immediately once 
discovered, thereby stopping its spread to more users. Apple also identifies and 
blocks variants of the original malware that cybercriminals try to repackage in other 
apps, limiting its ability to mutate and spread further. For example, XcodeGhost 

was a form of malware that spread through an infected version of Xcode (Apple's 
environment for writing and compiling apps) that unsuspecting developers 
downloaded from a third-party website rather than from the Apple developers’ 
website.'2° Because the infected apps were centrally distributed through the App 
Store, Apple was able to swiftly work with cybersecurity firms to identify and remove 
them.'2”7A mechanism such as sideloading, without centralized review, would 

make it impossible to notify all impacted developers, and to control the spread of 
harmful apps, because removing them from the App Store would not prevent them 
from continuing to spread through third-party app stores and direct downloads. 
Researchers have found that when harmful apps are removed from an app store on 
the Android platform, malicious actors simply move them to alternative app stores."® 
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Learn more about 
Apple's privacy 
protections 


To learn more about how 
the App Tracking Trans- 
parency and privacy labels 
on the App Store give you 
control and transparency 
on how apps collect and 
use your data, read "A Day 
in the Life of Your Data" 
and visit apple.com/ 
privacy/control. 


Second, if sideloading were supported on iOS, users may not get accurate 
information about apps they download via direct download or through third- 
party app stores. Also, features that allow users to control what data apps are 
able to access would either not work, or would be much easier for malicious 
actors to manipulate. The App Store requires all developers to provide reliable 
information about apps, and Apple has designed many features that give users the 
ability to control what data apps are able to access. 


Permissions: App Review checks that the app doesn’t request access to sensitive 
permissions or data that are unnecessary for the app to function (for example, a 
weather app requesting access to the microphone or to health data). App Review 
also checks that apps do not make misleading or false claims when requesting 
permissions from users. If sideloading were supported, however, sideloaded apps 
would not have to be checked to see if they are improperly requesting and obtaining 
sensitive permissions and data, such as access to the device microphone or location 
data, regardless of whether this permission is needed for the app to function. 
Sideloaded apps may also attempt to trick users into granting permissions using 
manipulative or false messages. 


Reliable information for users: On the App Store, app developers are required 

to submit a description of their app and its features, screenshots of the app, and 
privacy information explaining what kind of data the app links to users’ identities and 
whether that data is used to track them across third-party websites and apps. This 
ensures that users know what to expect when deciding whether to download an app 
and that they are not misled by malicious actors impersonating trusted developers. 
If sideloading were supported, users could not be sure that apps downloaded 
outside the App Store are what they expected to download, and they may not have 
information on the apps’ privacy practices. 


Privacy protections: Privacy is at the core of Apple’s ecosystem. All apps on the 
App Store need to get users’ permission before tracking them across third-party 
apps or websites through the App Tracking Transparency feature. Sideloading would 
render this protection ineffective: While users could prevent sideloaded apps from 
accessing their Identifier for Advertisers (IDFA), sideloaded apps could access other 
device or user data, and their developers would not be required to abide by choices 
made by users to opt out of tracking. As a result, users’ data may be collected 

and shared without their permission. In addition, developers may have different 


incentives, and may choose not to protect users’ data the same way that Apple does. 


Some developers allege that they have lost advertising revenue due to App Tracking 
Transparency, and thus would have an incentive to sideload their apps specifically to 
bypass these privacy protections.'28 Furthermore, some developers, including social 
media platforms, have a history of abusing user privacy and safety, and have created 
apps that violate App Store guidelines designed to protect iOS users.124129 
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Parental controls: Apple has designed features that give parents control over 
how kids use iOS devices. Screen Time gives parents an understanding of the 
time kids spend using their devices, and allows parents to limit the amount of 
time they can spend each day on certain apps and websites. The Ask to Buy 
feature allows parents to approve or decline kids’ app downloads and purchases 
made via in-app purchasing, and has a 15-minute timeout to prevent subsequent 
purchases. Sideloading would weaken these parental control features, which 
could be easily bypassed by apps downloaded outside of the App Store. For 
instance, a game app could identify itself as an education app to evade Screen 
Time limits on game usage. And non-App Store purchases on sideloaded apps 
would not be controlled by Ask to Buy. 


Report a Problem: Apple provides features that allow users to request refunds 


for some purchases from the App Store, as well as to report app privacy violations 


or safety issues. These features ensure that users have recourse if something 
goes wrong, such as being a victim of fraud or scams. Under sideloading, there 
would be no guarantee that third-party app stores would offer fair, clear, and 
consistent refund policies, or provide customer support in cases where there is 
a problem with an app. 


Subscriptions: Apple’s subscription management tool allows users to view all 
their paid subscriptions made through in-app purchases In a single place. Users 
can see how much and how often they will be charged for in-app subscriptions, 
and they can easily cancel them. With sideloading, many developers could 
choose to make their apps incompatible with these features, and make It 
confusing and time-consuming for users to cancel subscriptions. 


Finally, sideloading would undermine iPhone's core on-device platform 
security protections. For security reasons, Apple restricts apps from accessing 
sensitive hardware elements (e.g., NFC chip, secure enclave, memory space, ultra 
wideband) and does not permit apps to use non-public operating system functions. 
Special entitlements — the right or privilege to use a sensitive service or technology 
— are granted selectively to apps that require access for a specific purpose. For 
example, the HealthKit entitlement determines whether an app may request user 
permission to access health and activity data. 


lf Apple were forced to provide full access to proprietary hardware elements 

and non-public operating system functions, as some efforts to force sideloading 
on iOS would require, it would undermine core platform security features, such 

as the sandboxing of apps and the separation between apps and the operating 
system. The attack surface on iPhone would significantly expand, and fundamental 
security protections would be endangered. For example, under some proposals, 
the operating system would no longer be able to prevent apps from stealing or 
modifying data from another app, or accessing location data, the microphone, 

or the camera without user permission. 
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Sideloading would make it easier and cheaper to execute many attacks that are 
currently difficult and costly to execute on iOS." This would expand the universe 
of attack techniques present on iOS, the set of users that are targeted, and the 
number of cybercriminals. Supporting sideloading would lower the cost of carrying 
out attacks on iPhone, incentivizing malicious actors to develop tools and expertise 
to attack iPhone device security and privacy at an unprecedented scale. 


Cybercriminals and hackers would take advantage of the adtech industrial 
complex to reach their targets. They would use mobile ad networks to spread 
harmful apps to users by targeting them with ads to install sideloaded apps. Mobile 
ad networks earn billions of dollars a year from ads for mobile app installs, a practice 
that would likely expand to include ads for malicious apps distributed through 
sideloading.'*°">' Cybercriminals already use ads on social media platforms to target 
users with malware for PC and many other types of scams."°2'93154 Users would 

face an onslaught of ads for malicious apps that these ad networks profit from and 
therefore have little incentive to police.'*°> Cybercriminals and hackers may also rely 
on social media networks to spread malicious apps through social engineering, 
exploiting people's trust in their friends and family. As a result, users would bear the 
burden of determining what is safe to click on and download. 


Even users who decide they don't want to sideload, and prefer to download apps 


only from the App Store, would end up being harmed. They could be forced to 
sideload an app they need for work, for school, or for social inclusion if it is not made 
available on the App Store. Furthermore, cybercriminals and hackers may trick users 
into unknowingly sideloading an app by mimicking the appearance of the App Store, 
or by touting free or expanded access to services or exclusive features. 


If Apple were forced to support sideloading via direct downloads and through 
third-party app stores, iPhone users would have to constantly be on the lookout 
for scams, never sure whom or what to trust, and, as a result, users would 
download fewer apps from fewer developers. Developers themselves would 
become more vulnerable to threats from malicious actors who offer developer tools 
that contain and propagate malware. Developers would also be more vulnerable to 
piracy and intellectual property theft, which would undermine their ability to get paid 
for their efforts and innovation. 
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Sideloading and iOS users 


Supporting sideloading on iOS devices would harm iOS users, whose security, 
privacy, and personal data would be put at risk by the increased threat of 
attacks by malicious actors. iOS users store personal, valuable, or sensitive 
information on their mobile devices.'°° Many iOS users use mobile banking and 
payment apps, and purchase goods and services on their devices.'*’ Employees 
also commonly connect to corporate networks on their mobile devices for work- 
related tasks. App Store users come from all walks of life and all age groups, speak 
different languages, and live all over the world. But one thing they have in common 
is that they are all protected by the App Store safeguards. 


Smartphone users have access to millions of apps, and download a large and 
increasing number of apps. In many countries, users have over 90 apps installed 
on their devices on average, and iOS users download almost 50 percent more apps 
than they did five years ago.'3®:'82'49 Each sideloaded app could potentially pose a 
threat to the security and privacy of users’ devices and their personal data. 


As aresult, Apple's security and privacy features are critical to protecting the 
hundreds of millions of iOS users. In fact, research shows that a majority of iOS 
users report that they have only some or no knowledge of cybersecurity issues, 
and do not change default security settings unless they run into specific issues.'%° 
Even among the small share of users with security expertise, when asked what 
they prioritize when making security choices, roughly as many chose convenience 
as chose security.'%° 


By reviewing every app before it becomes available on the App Store to ensure It is 
free of malware and accurately represented to users, and by swiftly removing apps 
from distribution if they are found to be harmful and limiting the spread of future 
variants, Apple protects the security of the ecosystem and provides peace of mind 
to customers. Sideloading is not in the best interest of users. 
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Guidance from security experts 


Government and international agencies worldwide, as well as security 


experts and cybersecurity providers, widely caution users about the risks 
posed by downloading apps from third-party app stores: 


Europol'*” 


Department of Homeland Security 
(United States)"*? 


Interpol and Kaspersky Lab" 


European Agency for Cybersecurity™ 


National Institute of Standards 
and Technology (United States 
Department of Commerce)‘ 


Norton (cybersecurity provider) 


Wandera (mobile security company) '*°"° 
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